Medical Research Agency Privacy Policy

We use cookies in order to provide the highest level of service. If you use our website, cookies will be placed on your device.

The controller of your personal data is the Medical Research Agency at ul. Chmielna 69, 00‑801 Warsaw.

The controller has appointed a Data Protection Officer who can be contacted at iod@abm.gov.pl.

For your convenience, the Agency’s websites use cookies to tailor the websites to your needs and for the purposes described in the table provided.

Cookies are small text files sent by the website you visit to your end device (computer, smartphone, etc.).

The Agency’s websites use three types of cookies: 

1. strictly necessary (making the website usable by enabling basic functions such as site navigation and access to secure website areas; the website cannot function properly without these cookies);
2. functional (used to remember your selected privacy preferences, to fill in online forms provided to you, etc.);
3. used by third-party services which some of the Agency’s websites link to. The websites may also use cookies other than those mentioned above, including in particular those allowing you to log in and view ads corresponding to your tastes and behaviours, i.e., advertising cookies. These types of cookies are cookies in youtube.com (for YouTube’s privacy policy, go to: http://www.google.pl/intl/pl/policies/privacy/)
4. and in DoubleClick to check if your browser supports cookies (https://policies.google.com/technologies/cookies?hl=en).

As required, our website has a functionality which gives you the option to consent to individual cookies.

We use Matomo to generate and analyse aggregate statistics concerning visits to our Websites. This gives us full control over the data we process. Matomo uses a script to automatically collect:

1. your IP address (anonymised);
2. the type, make and model of the device from which the connection is established;
3. the resolution of the screen on which the websites were displayed;
4. information about your operating system;
5. the name, language and engine of your browser and any plug-ins installed;
6. the name of the domain from which you are accessing our site;
7. location data (country);
8. information about what content you access on our Websites and how much time you spend on it.

You can decide on your cookie preferences.

Strictly necessary cookies do not require your consent, as they ensure the proper basic functioning of the website.

If we use optional, functional or advertising cookies, your consent will be required. To change your cookie preferences, tick the box next to the selected categories and confirm your selection with the “Save selection” button. Pressing “Accept all” means that we will, with your consent, use all cookies used by the website.

In most web browsers, you can delete cookies from your computer’s hard drive (in browser settings), block all cookies sent or set a warning before cookies are placed on your device. 

Please note that if you restrict your cookie settings, this may affect some of the website functionalities, e.g. prevent you from logging into your e-mail account. 

You have the right to:

• access your personal data (Article 15 GDPR), including to obtain a copy of the data (Article 15(3) GDPR), and rectify inaccurate personal data or have incomplete personal data completed (16 GDPR);
• request the erasure of personal data in cases provided for by the law (Article 17 GDPR);
• request the restriction of the processing of personal data (Article 18 GDPR);
• receive personal data from the controller in a structured format and transmit those data to another controller. With respect to data portability, due to other legislation, your consent or that of another person, or the satisfaction of other conditions required by such legislation, may be required (Article 20 GDPR);
• object to the processing of your personal data where it is processed for the legitimate interest pursued by the controller, on grounds relating to your particular situation, especially to object to profiling (Article 21 GDPR);
• withdraw your consent without affecting the lawfulness of the processing before the withdrawal.

Here is how you can change your cookie settings in the most popular search engines:

Google Chrome Menu > Settings > Show advanced settings > Privacy > Content settings > Cookies – select the appropriate option.

Internet Explorer Menu > Tools > Internet Options > Privacy – select the appropriate option.

Mozilla Firefox Menu > Options > Privacy > History – select the appropriate option.

Opera
Menu > Preferences > Advanced > Cookies – select the appropriate option.

Safari
Menu > Preferences > Privacy > Cookies – select the appropriate option.

Server logs

1. Information about certain user behaviours is subject to server logging. This data is used exclusively for website administration purposes and to ensure as efficient a provision of hosting services as possible.
2. The resources viewed are identified through URLs. In addition, the following information may be recorded:
   • the timing of the enquiry;
   • the timing of the reply;
   • the name of the client station, identified through HTTP;
   • information about errors that occurred during the HTTP transaction;
   • the URL of a page previously visited by the user (referrer link), if the Website was accessed via a link;
   • information about the user’s browser;
   • IP address information.
3. The above data are not associated with specific visitors.
4. The data are only used for server administration purposes.

The Medical Research Agency in Warsaw wishes to assure you that it is aware of the importance of information assets used in the course of carrying out its statutory tasks and achieving its objectives. As such, it guarantees the security of information processed by virtue of its Information Security Policy:

• We are committed to creating conditions that ensure the security of the information assets we hold.
• We assure you that the processing of information is lawful.
• We raise the awareness and qualifications of our employees on information security.
• We identify information security risks and take proactive measures to minimise them.
• We proactively respond to information security incidents.
• We maintain and improve the Information Security Management System.

Informational clause for the Contractor, Beneficiary, Cooperating Entity and persons and Cooperating Entity, and natural persons assigned by them to maintain contact, and execute and perform the subject matter of the contract

In accordance with Articles 13 and 14 Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation - GDPR, OJ L No. 119 of 2016) be informed that:

1. The Medical Research Agency based in Warsaw, postcode: 00-801, ul. Chmielna 69, shall be the Controller of personal data of natural persons representing the Harvard Medical School Postgraduate Medical Education and natural persons assigned by it to maintain contact and execute the Letter of Intent.
2. Also be informed that the personal data that the Controller did not obtain directly from the persons referred to in par. 1 were obtained from the Harvard Medical School Postgraduate Medical Education.
3. The Controller has designated a Data Protection Officer who is available at iod@abm.gov.pl.
4. The Controller shall process personal data of the persons referred to in par. 1 based on:
   1. Article 6 par. 1 (b) GDPR, processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract,
   2. Article 6 par. 1 (e) GDPR, processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Controller; 
   3. Article 6 par. 1 (c) GDPR, processing is necessary for compliance with the Controller's legal obligations; 
   4. Article 6 par. 1 (f) GDPR, processing only for the purpose and within the scope necessary to perform the Controller's tasks related to the execution of the Letter of Intent; the legitimate interest of the Controller is to make it possible to maintain communication related to the conclusion and execution of the Letter of Intent, receiving and transferring declarations of will of the parties to the Letter of Intent, dealing with possible claims; and after its conclusion it is necessary to establish, investigate and defend against possible claims.
5. The personal data shall include the category of identification and contact data: first name, surname, email address, telephone number, scientific title, post or function and employing company. 
6. The personal data referred to in par. 1 may be transferred to public institutions and state authorities or other entities authorised under the provisions of the law or performing tasks implemented in public interest or for the purpose of exercising public authority. The data may be transferred to entities that operate the Controller's telecommunications systems and provide the Controller with telecommunications tools or postal, hosting, cloud and document shredding services.
7. The Controller shall not take automated decisions, including decisions resulting from profiling within the meaning of GDPR, based on the personal data of the persons referred to in par. 1. 
8. The personal data of the persons referred to in par. 1 shall be processed for the period of the Letter of Intent execution, unless a longer period of processing is necessary, e.g. due to the period of limitation for claims or the registrar's instructions and Jednolity Rzeczowy Wykaz Akt [Uniform Material List of Files].
9. The persons referred to in par. 1 shall have the right to demand that the Controller give them access to their personal data, the right to rectification, the right to erasure, the right to restriction of processing and the right to data portability.
10.  The persons referred to in par. 1 shall also have the right to object processing.
11. The persons referred to in par. 1 shall have the right to complain to a supervising authority, i.e. the President of the Personal data Protection Office.
12.  The provision of the personal data referred to in par. 1 is necessary to conclude the Letter of Intent. Failure to provide personal data shall result in inability to conclude and execute the Letter of Intent.
13.  The personal data of the persons referred to in par. 1 shall not be transferred to a third country/international organisation unless the Controller's legal obligations require that.

Image

1. The Controller of your personal data is the Medical Research Agency based at ul. Chmielna 69, 00‑801 Warsaw.
2. The Controller has appointed a Data Protection Officer whom you can contact at iod@abm.gov.pl.
3. Your personal data in the scope of the personal image recorded in the video material and/or photo(s),¹ along with your name, academic title and/or degree, and/or function, will be processed, without prejudice to your personal rights, pursuant to Art. 6(1)(a) of the GDPR for educational, information and promotional purposes related to the Agency's activities.
4. Your personal data will be stored by the Controller for the period necessary to fulfil the above-mentioned purpose or until your consent is withdrawn.
5. Your personal data may be made available to bodies or entities authorised to that on the basis of separate regulations or performing tasks carried out in the public interest or in the exercise of public authority. We may transfer your personal data to the entities that operate the Controller's ICT systems and provide it with ICT tools, or provide electronic mail, cloud or hosting services for the Controller.
6. Your personal data will not be subject to decisions based on automated processing and will not be profiled.
7. You have the right to demand from the Controller access to your personal data, the right to rectify them, erase them, or limit their processing, the right to withdraw your consent at any time, and the right to data portability.
8. You have the right to lodge a complaint with the supervisory authority – the President of the Office for Personal Data Protection in Poland (Prezes Urzędu Ochrony Danych Osobowych).
9. Providing your personal data is necessary to fulfil the purpose for which they are collected. Failure to provide these data shall result in the inability to share the video material and/or photo(s) from the training course or conference referred hereinabove.
10. Your personal data will not be provided to a third country/international organisation unless the Controller is required to do so by law.